Diffstat (limited to 'net')
-rw-r--r--net/ipv4/ip_fragment.c74
-rw-r--r--net/ipv4/sysctl_net_ipv4.c42
-rw-r--r--net/ipv6/af_inet6.c5
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c29
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c31
-rw-r--r--net/ipv6/reassembly.c66
-rw-r--r--net/ipv6/sysctl_net_ipv6.c40
7 files changed, 166 insertions, 121 deletions
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 2143bf30597a..a53463e594b9 100644
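--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -50,7 +50,7 @@
  * as well. Or notify me, at least. --ANK
  */
 
-int sysctl_ipfrag_max_dist __read_mostly = 64;
+static int sysctl_ipfrag_max_dist __read_mostly = 64;
 
 struct ipfrag_skb_cb
 {
@@ -74,7 +74,7 @@ struct ipq {
  struct inet_peer *peer;
 };
 
-struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
+static struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
  /*
  * Fragment cache limits. We will commit 256K at one time. Should we
  * cross that limit we will prune down to 192K. This should cope with
@@ -607,8 +607,78 @@ int ip_defrag(struct sk_buff *skb, u32 user)
  return -ENOMEM;
 }
 
+#ifdef CONFIG_SYSCTL
+static int zero;
+
+static struct ctl_table ip4_frags_ctl_table[] = {
+ {
+ .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH,
+ .procname = "ipfrag_high_thresh",
+ .data = &ip4_frags_ctl.high_thresh,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec
+ },
+ {
+ .ctl_name = NET_IPV4_IPFRAG_LOW_THRESH,
+ .procname = "ipfrag_low_thresh",
+ .data = &ip4_frags_ctl.low_thresh,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec
+ },
+ {
+ .ctl_name = NET_IPV4_IPFRAG_TIME,
+ .procname = "ipfrag_time",
+ .data = &ip4_frags_ctl.timeout,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ .strategy = &sysctl_jiffies
+ },
+ {
+ .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL,
+ .procname = "ipfrag_secret_interval",
+ .data = &ip4_frags_ctl.secret_interval,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ .strategy = &sysctl_jiffies
+ },
+ {
+ .procname = "ipfrag_max_dist",
+ .data = &sysctl_ipfrag_max_dist,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_minmax,
+ .extra1 = &zero
+ },
+ { }
+};
+
+static int ip4_frags_ctl_register(struct net *net)
+{
+ struct ctl_table_header *hdr;
+
+ hdr = register_net_sysctl_table(net, net_ipv4_ctl_path,
+ ip4_frags_ctl_table);
+ return hdr == NULL ? -ENOMEM : 0;
+}
+#else
+static inline int ip4_frags_ctl_register(struct net *net)
+{
+ return 0;
+}
+#endif
+
+static int ipv4_frags_init_net(struct net *net)
+{
+ return ip4_frags_ctl_register(net);
+}
+
 void __init ipfrag_init(void)
 {
+ ipv4_frags_init_net(&init_net);
  ip4_frags.ctl = &ip4_frags_ctl;
  ip4_frags.hashfn = ip4_hashfn;
  ip4_frags.constructor = ip4_frag_init;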
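Review bot: In `ip4_frags_ctl_table`, `ipfrag_high_thresh` and `ipfrag_low_thresh` are wired to plain `proc_dointvec`, so a negative value, or a low threshold above the high one, is stored as written, while `ipfrag_max_dist` a few entries later already gets a floor through `proc_dointvec_minmax` and `.extra1 = &zero`. According to the comment on `ip4_frags_ctl`, these two values are the fragment cache limits, so I would give them the same floor: `.proc_handler = &proc_dointvec_minmax, .extra1 = &zero` (entries that carry a `.ctl_name` presumably need a matching `.strategy` for the binary sysctl path as well). The same unbounded handlers appear in `ip6_frags_ctl_table` in net/ipv6/reassembly.c and in `nf_ct_ipv6_sysctl_table` in net/ipv6/netfilter/nf_conntrack_reasm.c. How the consumers react to an out-of-range threshold is not visible in this diff, so confirm against the eviction code before choosing an upper bound.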
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 45536a91266a..82cdf23837e3 100644
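--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -284,22 +284,6 @@ static struct ctl_table ipv4_table[] = {
  .proc_handler = &proc_dointvec
  },
  {
- .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH,
- .procname = "ipfrag_high_thresh",
- .data = &ip4_frags_ctl.high_thresh,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec
- },
- {
- .ctl_name = NET_IPV4_IPFRAG_LOW_THRESH,
- .procname = "ipfrag_low_thresh",
- .data = &ip4_frags_ctl.low_thresh,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec
- },
- {
  .ctl_name = NET_IPV4_DYNADDR,
  .procname = "ip_dynaddr",
  .data = &sysctl_ip_dynaddr,
@@ -308,15 +292,6 @@ static struct ctl_table ipv4_table[] = {
  .proc_handler = &proc_dointvec
  },
  {
- .ctl_name = NET_IPV4_IPFRAG_TIME,
- .procname = "ipfrag_time",
- .data = &ip4_frags_ctl.timeout,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- .strategy = &sysctl_jiffies
- },
- {
  .ctl_name = NET_IPV4_TCP_KEEPALIVE_TIME,
  .procname = "tcp_keepalive_time",
  .data = &sysctl_tcp_keepalive_time,
@@ -659,23 +634,6 @@ static struct ctl_table ipv4_table[] = {
  .proc_handler = &proc_dointvec
  },
  {
- .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL,
- .procname = "ipfrag_secret_interval",
- .data = &ip4_frags_ctl.secret_interval,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- .strategy = &sysctl_jiffies
- },
- {
- .procname = "ipfrag_max_dist",
- .data = &sysctl_ipfrag_max_dist,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_minmax,
- .extra1 = &zero
- },
- {
  .ctl_name = NET_TCP_NO_METRICS_SAVE,
  .procname = "tcp_no_metrics_save",
  .data = &sysctl_tcp_nometrics_save,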
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 6738a7b0e67f..bddac0e8780f 100644
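--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -721,10 +721,6 @@ static void cleanup_ipv6_mibs(void)
 static int inet6_net_init(struct net *net)
 {
  net->ipv6.sysctl.bindv6only = 0;
- net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
- net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
- net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT;
- net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
  net->ipv6.sysctl.flush_delay = 0;
  net->ipv6.sysctl.ip6_rt_max_size = 4096;
  net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
@@ -734,7 +730,6 @@ static int inet6_net_init(struct net *net)
  net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ;
  net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
  net->ipv6.sysctl.icmpv6_time = 1*HZ;
- ipv6_frag_sysctl_init(net);
 
  return 0;
 }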
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index cf42f5cfc338..2d7b0246475d 100644
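--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -297,35 +297,6 @@ static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {
  },
 };
 
-#ifdef CONFIG_SYSCTL
-static ctl_table nf_ct_ipv6_sysctl_table[] = {
- {
- .procname = "nf_conntrack_frag6_timeout",
- .data = &nf_frags_ctl.timeout,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH,
- .procname = "nf_conntrack_frag6_low_thresh",
- .data = &nf_frags_ctl.low_thresh,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,
- .procname = "nf_conntrack_frag6_high_thresh",
- .data = &nf_frags_ctl.high_thresh,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec,
- },
- { .ctl_name = 0 }
-};
-#endif
-
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
 
 #include <linux/netfilter/nfnetlink.h>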
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index e170c67c47a5..d631631189b6 100644
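--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -70,7 +70,7 @@ struct nf_ct_frag6_queue
  __u16 nhoffset;
 };
 
-struct inet_frags_ctl nf_frags_ctl __read_mostly = {
+static struct inet_frags_ctl nf_frags_ctl __read_mostly = {
  .high_thresh = 256 * 1024,
  .low_thresh = 192 * 1024,
  .timeout = IPV6_FRAG_TIMEOUT,
@@ -79,6 +79,35 @@ struct inet_frags_ctl nf_frags_ctl __read_mostly = {
 
 static struct inet_frags nf_frags;
 
+#ifdef CONFIG_SYSCTL
+struct ctl_table nf_ct_ipv6_sysctl_table[] = {
+ {
+ .procname = "nf_conntrack_frag6_timeout",
+ .data = &nf_frags_ctl.timeout,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ },
+ {
+ .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH,
+ .procname = "nf_conntrack_frag6_low_thresh",
+ .data = &nf_frags_ctl.low_thresh,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec,
+ },
+ {
+ .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,
+ .procname = "nf_conntrack_frag6_high_thresh",
+ .data = &nf_frags_ctl.high_thresh,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec,
+ },
+ { .ctl_name = 0 }
+};
+#endif
+
 static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
  struct in6_addr *daddr)
 {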
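Review bot: `nf_ct_ipv6_sysctl_table` now has external linkage (the `static` it carried in nf_conntrack_l3proto_ipv6.c is gone), but neither a declaration nor a user of it is visible in this net/-only diff, and the symbol exists only under `CONFIG_SYSCTL`. Any reference from another file has to sit under the same `#ifdef`, otherwise a build without sysctl support presumably fails at link time. I would add a comment above the table, e.g. `/* Registered outside this file; declared in <header>, CONFIG_SYSCTL only */`, with `<header>` replaced by the real header name.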
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 4dfcddc871ce..1815ff0cf628 100644
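--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -625,12 +625,70 @@ static struct inet6_protocol frag_protocol =
  .flags = INET6_PROTO_NOPOLICY,
 };
 
-void ipv6_frag_sysctl_init(struct net *net)
+#ifdef CONFIG_SYSCTL
+static struct ctl_table ip6_frags_ctl_table[] = {
+ {
+ .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,
+ .procname = "ip6frag_high_thresh",
+ .data = &init_net.ipv6.sysctl.frags.high_thresh,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec
+ },
+ {
+ .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH,
+ .procname = "ip6frag_low_thresh",
+ .data = &init_net.ipv6.sysctl.frags.low_thresh,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec
+ },
+ {
+ .ctl_name = NET_IPV6_IP6FRAG_TIME,
+ .procname = "ip6frag_time",
+ .data = &init_net.ipv6.sysctl.frags.timeout,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ .strategy = &sysctl_jiffies,
+ },
+ {
+ .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
+ .procname = "ip6frag_secret_interval",
+ .data = &init_net.ipv6.sysctl.frags.secret_interval,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ .strategy = &sysctl_jiffies
+ },
+ { }
+};
+
+static int ip6_frags_sysctl_register(struct net *net)
+{
+ struct ctl_table_header *hdr;
+
+ hdr = register_net_sysctl_table(net, net_ipv6_ctl_path,
+ ip6_frags_ctl_table);
+ return hdr == NULL ? -ENOMEM : 0;
+}
+#else
+static inline int ip6_frags_sysctl_register(struct net *net)
 {
- if (net != &init_net)
- return;
+ return 0;
+}
+#endif
 
+static int ipv6_frags_init_net(struct net *net)
+{
  ip6_frags.ctl = &net->ipv6.sysctl.frags;
+
+ net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
+ net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
+ net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT;
+ net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
+
+ return ip6_frags_sysctl_register(net);
 }
 
 int __init ipv6_frag_init(void)
@@ -641,6 +699,8 @@ int __init ipv6_frag_init(void)
  if (ret)
  goto out;
 
+ ipv6_frags_init_net(&init_net);
+
  ip6_frags.hashfn = ip6_hashfn;
  ip6_frags.constructor = ip6_frag_init;
  ip6_frags.destructor = NULL;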
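Review bot: The call `ipv6_frags_init_net(&init_net);` added to `ipv6_frag_init` drops its return value, although the function already has a `ret`/`goto out` error path two lines above, so a failed `register_net_sysctl_table()` leaves the ip6frag_* tunables absent without any error. Consider `ret = ipv6_frags_init_net(&init_net); if (ret) goto out;`, provided the `out` label (outside this hunk) undoes the step before it. `ipfrag_init` in net/ipv4/ip_fragment.c ignores `ipv4_frags_init_net()` the same way, and both register helpers discard the `ctl_table_header`, so the tables cannot be unregistered later. Every `.data` in `ip6_frags_ctl_table` points at `init_net`, and the per-namespace `.data` fix-ups were removed from sysctl_net_ipv6.c, so this helper should not be called for another namespace until the table is duplicated per net; otherwise that namespace would be writing init_net's limits.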
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 7197eb74a755..408691b777c2 100644
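--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -38,40 +38,6 @@ static ctl_table ipv6_table_template[] = {
  .proc_handler = &proc_dointvec
  },
  {
- .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,
- .procname = "ip6frag_high_thresh",
- .data = &init_net.ipv6.sysctl.frags.high_thresh,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec
- },
- {
- .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH,
- .procname = "ip6frag_low_thresh",
- .data = &init_net.ipv6.sysctl.frags.low_thresh,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec
- },
- {
- .ctl_name = NET_IPV6_IP6FRAG_TIME,
- .procname = "ip6frag_time",
- .data = &init_net.ipv6.sysctl.frags.timeout,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- .strategy = &sysctl_jiffies,
- },
- {
- .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
- .procname = "ip6frag_secret_interval",
- .data = &init_net.ipv6.sysctl.frags.secret_interval,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- .strategy = &sysctl_jiffies
- },
- {
  .ctl_name = NET_IPV6_MLD_MAX_MSF,
  .procname = "mld_max_msf",
  .data = &sysctl_mld_max_msf,
@@ -126,16 +92,12 @@ static int ipv6_sysctl_net_init(struct net *net)
  ipv6_table[1].child = ipv6_icmp_table;
 
  ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
- ipv6_table[3].data = &net->ipv6.sysctl.frags.high_thresh;
- ipv6_table[4].data = &net->ipv6.sysctl.frags.low_thresh;
- ipv6_table[5].data = &net->ipv6.sysctl.frags.timeout;
- ipv6_table[6].data = &net->ipv6.sysctl.frags.secret_interval;
 
  /* We don't want this value to be per namespace, it should be global
  to all namespaces, so make it read-only when we are not in the
  init network namespace */
  if (net != &init_net)
- ipv6_table[7].mode = 0444;
+ ipv6_table[3].mode = 0444;
 
  net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
  ipv6_table);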
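Review bot: `ipv6_table[3].mode = 0444` addresses the template entry by position, and this commit had to renumber it from 7 to 3 only because four entries were removed above it. If the index drifts again, the value that the comment says must be global stays writable from a non-init namespace and an unrelated entry becomes read-only instead. I would at least name the target next to the assignment, e.g. `/* [3] must be mld_max_msf in ipv6_table_template */` (confirm the entry, since the template is only partly visible here), or look the entry up by `procname`. `ipv6_sysctl_net_init` starts and ends outside this hunk.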